A CA LDAP SSL connection fails with a "no private key" message in the LDAP trace. The SDERR log has the following entries:
TLS: can't accept: Key entry does not contain a private key
connection_read(8): TLS accept failure error=-1 id=1001, closing
connection_closing: readying conn=1001 sd=8 for close
Release : 15.0
Component : LDAP Server for z/OS
The private key is not returned because the user ID of the LDAP server started task (STC) needs DELETE access to the FACILITY resource class, as shown below:
SET RESOURCE(FAC)
RECKEY IRR ADD( DIGTCERT.GENCERT UID(uid of ldapserver stc) SERVICE(DELETE) ALLOW)
F ACF2,REBUILD(FAC)